Home Linux LibreNMS Monitoring & Alerting your Enterprise Network Easily

LibreNMS Monitoring & Alerting your Enterprise Network Easily

by Lakindu Jayasena
4.7k views 12 mins read
Librenms Installation

LibreNMS is an open-source network monitoring tool that can monitor a wide range of network devices such as Cisco, Juniper, Brocade, HP, Fortigate, and also different operating systems such as Linux, Windows as well and pretty much anything that supports SNMP polling.

The top features of LibreNMS monitoring tool:

  • Automatic Discovery – It will automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP, and ARP.
  • Customizable Alerting – Supports a customizable alerting system to send notifications through email, IRC, slack, and more.
  • Customizable Dashboards – It has a mobile-friendly Web UI, with customizable dashboards.
  • Integration Support – Supports integration with NfSen, collected, SmokePing, RANCID, and Oxidized.
  • Multiple Authentication Methods – Supports multiple authentication methods such as MySQL, HTTP, LDAP, Radius, and Active Directory.
  • Billing system – Easily generate bandwidth bills for ports on your network based on usage or transfer.
  • API Access – Supports an API for managing, graphing, and retrieving data from your system.
  • Automatic Updates – With LibreNMS you get to stay up to date automatically with new features and bug fixes.

For more details related to features and supported vendors, please visit: https://docs.librenms.org/Support/Features/

This post will explain to you the steps to install and configure LibreNMS with Nginx web server on a CentOS 8 server. Also throughout this tutorial, I assume you are the root user to issue the commands.

Step 1 – Installing Required Packages & Prerequisites

Disabling SELinux

Edit /etc/selinux/config file and change SELINUX=enforcing parameter to SELINUX=disabled like below & reboot the server to affect the changes:

vim /etc/selinux/config

SELINUX=disabled

reboot

Installing EPEL Repository & Required Dependencies

yum -y update
yum -y install epel-release
yum module reset php
yum module enable php:7.3
yum -y install bash-completion git cronie fping ImageMagick mtr net-snmp net-snmp-utils nmap rrdtool unzip tar wget python3 python3-PyMySQL python3-redis python3-memcached python3-pip

Install Nginx, MariaDB and PHP

yum -y install nginx
yum -y install mariadb mariadb-server
yum -y install php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd

Add librenms user

useradd librenms -d /opt/librenms -M -r -s "$(which bash)"

Download LibreNMS & Set Permissions

cd /opt
git clone https://github.com/librenms/librenms.git

chown -R librenms:librenms /opt/librenms
chmod 771 /opt/librenms
setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/

Install PHP Dependencies

su - librenms
./scripts/composer_wrapper.php install --no-dev
exit

Step 2 – Configure the Installed Packages

Configure the PHP TimeZone

Ensure the date.timezone is set in php.ini file to your time zone. Get the list of supported timezones in this link https://www.php.net/manual/en/timezones.php

vim /etc/php.ini
date.timezone = "Asia/Colombo"

#Also set the system time zone as the same.
timedatectl set-timezone Asia/Colombo

Configure MariaDB Database

Librenms use the MySQL database to store all the data. In this post, I will use the MariaDB version.
Edit the mariadb0server.cnf file located under /etc/my.cnf.d/ and add the following in section [mysqld].

vi /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
innodb_file_per_table=1
lower_case_table_names=0

#Enable and restart the service
systemctl enable mariadb
systemctl restart mariadb

By default, MariaDB initial installation is not sure and anyone can get into your database. To secure it, run the following commands and follow the instruction to complete it.

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Now we need to create a database and a user for librenms like below

mysql -u root -p

mysql> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci;
mysql> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit

Configure PHP-FPM

For PHP-FPM to work with Nginx, we need to make changes to the config file

cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf
vi /etc/php-fpm.d/librenms.conf

# Change "www" to "librenms"
[librenms]

# Change user and group to "librenms"
user = librenms
group = librenms

# Change listen to a unique name
listen = /run/php-fpm-librenms.sock
Configure PHP-FPM

Configure Nginx Web Server

LibreNMS is a web-based application and here we are using an Nginx web server to host it.
I will create a new virtual host file librenms.conf in the Nginx conf.d directory by running the following:

Also, see https://mytechnix.com/nginx-best-practices-on-initial-setup/ for more details.

vi /etc/nginx/conf.d/librenms.conf

server {
    listen      80;
    server_name librenms.example.com;
    root        /opt/librenms/html;
    index       index.php;

    charset utf-8;
    gzip on;
    gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ [^/]\.php(/|$) {
        fastcgi_pass unix:/run/php-fpm-librenms.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi.conf;
    }
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
systemctl enable --now nginx
systemctl enable --now php-fpm

Allow fping

Create the file http_fping.tt with the following contents. You can create this file anywhere, as it is a throw-away file. The last step in this install procedure will install the module in the proper location.

vim /tmp/http_fping.tt

module http_fping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };
#Then run these commands
cd /tmp
checkmodule -M -m -o http_fping.mod http_fping.tt
semodule_package -o http_fping.pp -m http_fping.mod
semodule -i http_fping.pp

Allow Access through Firewall (if required)

We can either disable the firewalld or else allow access through the firewalld by using the following commands.

firewall-cmd --zone public --add-service http
firewall-cmd --permanent --zone public --add-service http
firewall-cmd --zone public --add-service https
firewall-cmd --permanent --zone public --add-service https

Enable lnms command completion (optional)

This feature grants you the opportunity to use the tab for completion on lnms commands as you would for normal linux commands.

ln -s /opt/librenms/lnms /usr/local/bin/lnms
cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/

Configure snmpd (optional)

Copy the sample config file to snmpd installed location (/etc/snmp/) and replace RANDOMSTRINGGOESHERE and to your own community string.

vi /etc/snmp/snmpd.conf

rocommunity RANDOMSTRINGGOESHERE 127.0.0.1

#Enable and restart the service
systemctl enable snmpd
systemctl restart snmpd

Add Cron job

cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms

Copy logrotate config

LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs you can use the provided logrotate config file:

cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms

Step 3 – Start the Web Installer

Now go to the web browser and type the http://librenms.example.com/install URL and it will start the Web Installer. Then follow the screenshots mentioned below.

If all checks are passed, click the database icon.

Run Web Installer

Provide the Database name and credentials.

Add Database Credintials

Click Build Database to start the database installation.

Start Build Database

Create an admin account for login.

Create Admin Account

Once all the above steps are done, you will get the following screen.

Finsish Web Installation

Now you can log in to the LibreNMS and it will automatically navigate you to the configuration validation page.

Login to the LibreNMS

If any failures on the config validation page, do the fixes as they are given. In this case, I have fixed the following permission issue by following commands.

sudo chown -R librenms:librenms /opt/librenms
sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/
Validate the Config

Finally, you can add your SNMP-enabled devices in the Devices section.

Add New Device

Related Articles

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.